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DETAILED ACTION 

1 . Claims 1 -24 have been examined. 

Double Patenting 

2. Claims 1-8, 10-19, and 21-24 are provisionally rejected under the judicially 
created doctrine of obviousness-type double patenting as being unpatentable over 
claims 1-8, 9-18, and 20-23 of copending Application No. 10/002,064. Although the 
conflicting claims are not identical, they are not patentably distinct from each other 
because the subject matter claimed in the instant application is fully disclosed in the 
referenced copending application. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

The subject matter claimed in the instant application is fully disclosed in the 
referenced copending application and would be covered by any patent granted on that 
copending application since the referenced copending application and the instant 
application are claiming common subject matter, as follows: the copending application 
discloses a method of displaying data, comprising: capturing and decoding data, 
correlating data components, retrieving a web-browser template, and graphically 
displaying the correlated decoded data; the instant application discloses a method of 
displaying data, comprising: capturing and decoding data, correlating data components, 
and graphically displaying the correlated decoded data. 

Claims 1-8, 10-19, and 21-24 of the instant application are envisioned by 
copending Application No. 1 0/002, 064's claims 1-8, 9-18, and 20-23 in that claims 1-8, 
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9-18, and 20-23 of the copending application contain all the limitations of claims 1-8, 10- 
19, and 21-24 of the instant application. Claims 1-8, 10-19, and 21-24 of the instant 
application therefore are not patently distinct from the copending application claims and 
as such are unpatentable for obvious-type double patenting. 

Specification 

The disclosure is objected to because of the following informalities: pages 1-2 
recite docket numbers; please add serial application numbers; page 7 is missing the 
serial application numbers (lines 18 and 22). Appropriate correction is required. 

Drawings 

3. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(4) 
because reference character "18" has been used to designate both "storage device or 
database" (Fig 1) and "HTML" (Fig 2). Corrected drawing sheets in compliance with 37 
CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. Each drawing sheet submitted after the filing date of an application must be 
labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 
CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be 
notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

4. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they include the following reference character(s) not mentioned in the 
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description: 124 (Fig. 5). Corrected drawing sheets in compliance with 37 CFR 
1.121(d), or amendment to the specification to add the reference character(s) in the 
description in compliance with 37 CFR 1.121(b) are required in reply to the Office action 
to avoid abandonment of the application. Any amended replacement drawing sheet 
should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. Each drawing sheet submitted after the filing 
date of an application must be labeled in the top margin as either "Replacement Sheet" 
or "New Sheet" pursuant to 37 CFR 1 .121(d). If the changes are not accepted by the 
examiner, the applicant will be notified and informed of any required corrective action in 
the next Office action. The objection to the drawings will not be held in abeyance. 

Claim Objections 

5. Claim 10 is objected to because of the following informalities: "capturing data 
related to the intrusion event (the data comprising data components of intrusion 
signature, data summary, and detailed data)". The parenthesis should be removed for 
the limitation to be given patentable weight. Appropriate correction is required. 
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Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, 
manufacture, or composition of matter, or any new and useful improvement 
thereof, may obtain a patent therefor, subject to the conditions and requirements 
of this title. 

7. Claims 1-9 and 17-24 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Claims 1 and 17 states 
"decipherable by humans", this is considered non-statutory subject matter. Dependent 
claims 2-9 and 18-24 are rejected based on their dependency from claims 1 and 17 
respectively. 

8. To expedite a complete examination of the application, the claims rejected under 
35 U.S.C. 101 (non-statutory) above are further rejected as set forth below in 
anticipation of applicant amending these claims to place them within the four statutory 
categories of invention. 

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

10. Claims 1, 5-10, 13-17, and 21-24 are rejected under 35 U.S.C. 102(a) as being 
anticipated by Maloney et al. (US Patent Number: 6,269,447). 

Regarding claim 1, Maloney et al. teach capturing data related to the intrusion 
event (column 4, lines 34-37); decoding the captured data from a first predetermined 
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format to a second predetermined format decipherable by humans, the decoded data in 
turn comprising intrusion signature, data summary, and detailed data (column 4, lines 
34-40); correlating data components of the intrusion signature, data summary and 
detailed data to one another (column 4, lines 53-60); and graphically displaying the 
correlated decoded data components (column 4, lines 47-53). 

Regarding claim 5, Maloney et al. teach wherein capturing data comprises 
capturing network data packets of the intrusion event (column 4, lines 34-37, column 7, 
lines 23-27). 

Regarding claim 6, Maloney et al. teach wherein decoding the captured data 
comprises decoding the captured data from a binary format to a human-readable text 
format (column 6, lines 8-20). 

Regarding claim 7, Maloney et al. teach wherein decoding the captured data 
comprises decoding the captured data to decoded data having a data link layer protocol 
header, a network layer protocol header, a network layer protocol data summary, and 
packet data in hexadecimal format (column 4, lines 24-33, column 7, lines 65-67, 
column 8, lines 1-12). 

Regarding claim 8, Maloney et al. teach wherein decoding the captured data 
comprises decoding the captured data to decoded data having an Ethernet header, an 
IP header, an IP data summary, and packet data in hexadecimal format (column 4, lines 
24-33, column 7, lines 65-67, column 8, lines 1-12). 

Regarding claim 9, Maloney et al. teach the method, as set forth in claim 1, 
further comprising storing the captured data (column 4, lines 24-26). 
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Regarding claim 10, Maloney et al. teach capturing data related to the intrusion 
event (column 4, lines 34-37) (the data comprising data components of intrusion 
signature, data summary, and detailed data) (column 4, lines 34-40); correlating data 
components of the intrusion signature, data summary and detailed data to one another 
(column 4, lines 53-60); and graphically displaying the correlated data components 
(column 4, lines 47-53). 

Regarding claim 13, Maloney et al. teach wherein capturing data comprises 
capturing network data packets of the intrusion event in response to detecting the 
presence of a predetermined signature in the network data packet (column 4, lines 34- 
37, column 2, lines 23-33, column 12, lines 21-42). 

Regarding claim 14, Maloney et al. teach the method, as set forth in claim 10, 
further comprising decoding the captured data from a binary format to a human- 
readable text format (column 6, lines 8-20). 

Regarding claim 15, Maloney et al. teach the method, as set forth in claim 10, 
further comprising decoding the captured data to decoded data having a data link layer 
protocol header, a network layer protocol header, a network layer protocol data 
summary, and packet data in hexadecimal format (column 4, lines 24-33, column 7, 
lines 65-67, column 8, lines 1-12). 

Regarding claim 16, Maloney et al. teach the method, as set forth in claim 10, 
further comprising decoding the captured data to decoded data having an Ethernet 
header, an IP header, an IP data summary, and packet data in hexadecimal format 
(column 4, lines 24-33, column 7, lines 65-67, column 8, lines 1-12). 



Application/Control Number: 1 0/001 ,350 Page 8 

Art Unit: 2136 

Regarding claim 17, Maloney et al. teach a network driver capturing data related 
to an intrusion event upon detecting a predetermined intrusion signature (column 7, 
lines 23-27, column 2, lines 23-33, column 12, lines 21-42); a decode engine decoding 
the captured data from a first predetermined format to a second predetermined format 
decipherable by humans, the decoded data comprising data components of intrusion 
event data, data summary, and detailed data (column 4, lines 34-40); and a user 
interface correlating data components of the intrusion signature, intrusion event data, 
data summary and detailed data to one another (column 4, lines 53-60) and displaying 
the correlated decoded data components (column 4, lines 47-53). 

Regarding claim 21, Maloney et al. teach the system, as set forth in claim 17, 
wherein the network driver captures network data packets of the intrusion event in 
response to the intrusion detection system detecting a predetermined intrusion 
signature (column 7, lines 23-27, column 2, lines 23-33, column 12, lines 21-42). 

Regarding claim 22, Maloney et al. teach the system, as set forth in claim 17, 
wherein the decode engine decodes the captured data from a binary format to a human- 
readable text format (column 6, lines 8-20). 

Regarding claim 23, Maloney et al. teach the system, as set forth in claim 17, 
wherein the decode engine decodes the captured data to decoded data having a data 
link layer protocol header, a network layer protocol header, a network layer protocol 
data summary, and packet data in hexadecimal format (column 4, lines 24-33, column 
7, lines 65-67, column 8, lines 1-12). 
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Regarding claim 24, Maloney et al. teach the system, as set forth in claim 17, 
wherein the decode engine decodes the captured data to decoded data having an 
Ethernet header, an IP header, an IP data summary, and packet data in hexadecimal 
format (column 4, lines 24-33, column 7, lines 65-67, column 8, lines 1-12). 
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Claim Rejections - 35 USC § 103 

1 1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. Claims 2-4, 11-12, and 18-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Maloney et al. as applied to claims 1,10, and 17 respectively above, 
and further in view of Slodowski et al. (US Patent Number: 6,775,583). 

Regarding claim 2, Maloney et al. do not expressly disclose wherein graphically 
displaying the correlated decoded data components comprises graphically highlighting 
correlated data components of intrusion signature, data summary and detailed data. 
However, Slodowski et al. teach wherein graphically displaying the correlated decoded 
data components comprises graphically highlighting correlated data components of 
intrusion signature, data summary and detailed data (column 5, lines 13-43). Therefore, 
it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to graphically display data, highlighting correlated data. One of 
ordinary skill in the art would have been motivated to do so to provide users with an 
easy to learn, easy to handle, and comfortable data arrangement (Slodowski et al., 
column 2, lines 54-67). 

Regarding claim 3, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; graphically highlighting data components 
correlated to the selected data component. However, Slodowski et al. teach receiving a 
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user input selecting a displayed data component; graphically highlighting data 
components correlated to the selected data component (column 5, lines 13-43). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to graphically display data, highlighting correlated data. One of 
ordinary skill in the art would have been motivated to do so to provide users with an 
easy to learn, easy to handle, and comfortable data arrangement (Slodowski et al., 
column 2, lines 54-67). 

Regarding claim 4, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; graphically highlighting the user selected 
data component; and graphically highlighting data components correlated to the 
selected data component. However, Slodowski et al. teach receiving a user input 
selecting a displayed data component; graphically highlighting the user selected data 
component; and graphically highlighting data components correlated to the selected 
data component (column 5, lines 13-43). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to graphically display 
data, highlighting correlated data. One of ordinary skill in the art would have been 
motivated to do so to provide users with an easy to learn, easy to handle, and 
comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Regarding claim 11, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; and graphically highlighting all data 
components correlated to the selected data component. However, Slodowski et al. 
teach receiving a user input selecting a displayed data component; and graphically 
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highlighting all data components correlated to the selected data component (column 5, 
lines 13-43). Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to graphically display data, highlighting 
correlated data. One of ordinary skill in the art would have been motivated to do so to 
provide users with an easy to learn, easy to handle, and comfortable data arrangement 
(Slodowski et al., column 2, lines 54-67). 

Regarding claim 12, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; graphically highlighting the user selected 
data component; and graphically highlighting all data components correlated to the 
selected data component. However, Slodowski et al. teach receiving a user input 
selecting a displayed data component; graphically highlighting the user selected data 
component; and graphically highlighting all data components correlated to the selected 
data component (column 5, lines 13-43). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to graphically display 
data, highlighting correlated data. One of ordinary skill in the art would have been 
motivated to do so to provide users with an easy to learn, easy to handle, and 
comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Regarding claim 18, Maloney et al. do not expressly disclose wherein the user 
interface graphically highlights correlated data components of intrusion event data, data 
summary and detailed data. However, Slodowski et al. teach wherein the user interface 
graphically highlights correlated data components of intrusion event data, data summary 
and detailed data (column 5, lines 13-43). Therefore, it would have been obvious to one 
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having ordinary skill in the art at the time the invention was made to graphically display 
data, highlighting correlated data. One of ordinary skill in the art would have been 
motivated to do so to provide users with an easy to learn, easy to handle, and 
comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Regarding claim 19, Maloney et al. do not expressly disclose wherein the user 
interface is operable to receive a user input selecting a displayed data component, and 
graphically highlight all data components correlated to the selected data component. 
However, Slodowski et al. teach wherein the user interface is operable to receive a user 
input selecting a displayed data component, and graphically highlight all data 
components correlated to the selected data component (column 5, lines 13-43). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to graphically display data, highlighting correlated data. One of 
ordinary skill in the art would have been motivated to do so to provide users with an 
easy to learn, easy to handle, and comfortable data arrangement (Slodowski et al., 
column 2, lines 54-67). 

Regarding claim 20, Maloney et al. do not expressly disclose wherein the user 
interfaceJs operable to receive a user input selecting a displayed data component, 
highlight the user selected data component, and highlight all data components 
correlated to the selected data component. However, Slodowski et al. teach wherein the 
user interface is operable to receive a user input selecting a displayed data component, 
highlight the user selected data component, and highlight all data components 
correlated to the selected data component (column 5, lines 13-43). Therefore, it would 
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have been obvious to one having ordinary skill in the art at the time the invention was 
made to graphically display data, highlighting correlated data. One of ordinary skill in the 
art would have been motivated to do so to provide users with an easy to learn, easy to 
handle, and comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 
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Conclusion 



1 3. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, 
Off on Wednesday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571)272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). (1 O 
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